Headline
CVE-2023-5351: SuiteCRM 7.14.1 Release · salesagility/SuiteCRM@c43eaa3
Cross-site Scripting (XSS) - Stored in GitHub repository salesagility/suitecrm prior to 7.14.1.
@@ -2521,12 +2521,12 @@ public function cleanBean()
}
if (isset($def[‘type’]) && ($def[‘type’] == ‘html’ || $def[‘type’] == ‘longhtml’)) {
$this->$key = htmlentities((string) SugarCleaner::cleanHtml($this->$key, true));
$this->$key = purify_html($this->$key);
} elseif (
(strpos((string) $type, ‘char’) !== false || strpos((string) $type, ‘text’) !== false || $type == ‘enum’) &&
!empty($this->$key)
) {
$this->$key = htmlentities((string) SugarCleaner::cleanHtml($this->$key, true));
$this->$key = purify_html($this->$key);
}
}
}
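Review bot: The `htmlentities()` calls added on the html/longhtml branch and on the char/text/enum branch use the default arguments, so every pass through cleanBean() re-encodes existing entities (`double_encode` defaults to true), and a bean that is saved more than once accumulates `&amp;amp;`-style escaping in its stored value. On interpreters older than PHP 8.1 the default flag set is also ENT_COMPAT, which leaves single quotes unencoded, so the escaping is weaker than the fix intends if that PHP range is still supported (cannot tell from the hunk). I would pin flags, charset and idempotence explicitly on both lines: `$this->$key = htmlentities((string) SugarCleaner::cleanHtml($this->$key, true), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);`. Worth a comment above the html branch as well, since entity-encoding an `html`-typed field changes what a consumer sees — something like `// field content is stored entity-encoded; render with the entities intact, do not decode before output` — and the call to purify_html() on already-encoded text is then a no-op that could be documented or dropped. cleanBean() begins and ends outside this hunk.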